The Electoral Commission has acknowledged its failure in a fundamental cyber-security assessment, which coincided with a breach by hackers gaining unauthorized access to the organization’s systems.
A whistleblower disclosed that the Commission received an automatic failure during a Cyber Essentials audit. Last month, it was revealed that “hostile actors” had infiltrated the Commission’s emails, potentially compromising the data of 40 million voters.
According to a Commission spokesperson, the organization has not yet managed to pass this basic security test. In August of 2021, the election watchdog disclosed that hackers had infiltrated their IT systems, maintaining access to sensitive information until their detection and removal in October 2022.
The unidentified attackers gained access to Electoral Commission email correspondence and potentially viewed databases containing the names and addresses of 40 million registered voters, including millions not on public registers.
The identity of the intruders and the method of breach have not yet been disclosed. However, it has now been revealed by a whistleblower that in the same month as the intrusion, the Commission received notification from cyber-security auditors that it was not in compliance with the government-backed Cyber Essentials scheme.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: